EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Bitchat: a “survival app” to withstand internet shutdowns
    • Home
    • Cyber +
    • Bitchat: a “survival app” to withstand internet shutdowns

    Bitchat: a “survival app” to withstand internet shutdowns

    02.18.26
    Cyber +
    06
    MIN
    Bitchat: a “survival app” to withstand internet shutdowns
    Bitchat: a “survival app” to withstand internet shutdowns
    Bitchat: a “survival app” to withstand internet shutdowns
    Image Palantir : angel or demon?
    Cyber +
    03.10.26 Cyber +
    Next article
    Palantir : angel or demon?
    Read
    10
    MIN
    Image They want to put humans back into AI to save it from itself. Who are they?
    Cyber +
    03.05.26 Cyber +
    Next article
    They want to put humans back into AI to save it from itself. Who are they?
    Read
    06
    MIN
    Image The United States Exclude Anthropic from Federal Agencies
    Cyber +
    03.03.26 Cyber +
    Next article
    The United States Exclude Anthropic from Federal Agencies
    Read
    02
    MIN
    Image Cyber Defense on the Front Line: The French Army Facing New Threats
    Cyber +
    02.26.26 Cyber +
    Next article
    Cyber Defense on the Front Line: The French Army Facing New Threats
    Read
    06
    MIN
    A simple gesture—three taps on a logo—and every trace of a conversation disappears. In Iran, Bitchat is more than an application: it is a digital lifeline for thousands of protesters cut off from the global network. Thanks to a unique serverless architecture, this messaging app allows information to circulate from phone to phone, like an electronic “word of mouth.”

    Since 28 December 2025, Iran has been experiencing a major wave of mass protests. In response to public discontent, the Iranian government decided to shut down the internet to disrupt the organization of demonstrators and limit the spread of information. Since 8 January, when the “blackout” was implemented, authorities have seized Starlink antennas and satellite dishes in Tehran and in the western Kurdish regions to ensure the shutdown is effective.

    Despite this, the protest movement has not weakened. It is even the largest wave of demonstrations Iran has seen since the establishment of the clerical regime in 1979. This can be explained, among other reasons, by protesters finding alternative ways to organize. One application in particular illustrates this capacity to adapt: Bitchat, an encrypted messaging app for smartphones that does not require internet access to function.

    How does Bitchat work?

    Announced in July 2025 by Jack Dorsey (co-founder of Twitter) and Block, Inc., the app has established itself in repressive environments, whether in Iran or more recently in Uganda, where the internet was cut during the election period. To understand Bitchat, one must set aside the traditional model of the internet, where everything passes through centralized servers. The hybrid application stands out by turning the user’s smartphone into an independent radio transmitter-receiver.

    Bitchat relies on a peer-to-peer system. In a traditional messaging app such as WhatsApp, the user is a “client” communicating with a “server.” With Bitchat, each user is equal to the other. The phone acts both as a “client” (to read messages) and as a “server” (to transmit others’ messages). The advantage is that in a repressive context, if the government shuts down central servers, it changes nothing for the user, because the network is made up of millions of small nodes—the phones of other citizens.

    This is known as a “mesh” network. The user’s smartphone uses Bluetooth to detect other users nearby, within a range of 50 to 300 meters. To send a message to someone 800 meters away, the message “hops” from phone to phone until it reaches its destination, without ever passing through the internet. As long as enough people are nearby, the network forms automatically.

    However, Bluetooth may not always be sufficient—for example, if the user wants to send a message to someone on the other side of the country, or if no one is nearby to relay the message via Bluetooth. In that case, Bitchat can still use the internet, particularly through the Nostr protocol. How does this work in practice? The Nostr protocol is based on an inseparable pair: relays and keys. Relays are numerous small independent servers, operated by individuals or associations, acting as decentralized mailboxes around the world. Keys replace the traditional account: the user’s phone generates a private key, which acts as a secret signature, and a public key, which becomes a universal identifier. Data is therefore never locked into a single company but circulates freely from one relay to another.

    Using this protocol offers advantages in resisting censorship. A government can shut down a Nostr relay, but there are thousands of them and it is impossible to close them all at once. Moreover, Nostr belongs to no one. There is no central database to hack and steal information from. Within Bitchat, the protocol also enables the creation of chat rooms by geographic area. Even if the user is not connected via Bluetooth, they can see what people in their neighborhood or city are saying through relays that filter messages by zone.

    Bitchat is also a free and open-source project: anyone can contribute to improving the app’s security. Developers can create versions tailored to their needs, with additional features. In Iran, for example, developers have created an equivalent messaging app adapted to local needs: Noghteha (which means “points” in Farsi).

    A shield for citizens

    To protect privacy, Bitchat uses end-to-end encryption, based on the principle of a lock and its key. Each user has a “public key” that friends use to lock messages, and a “private key,” stored only on their phone, to unlock them. Even if a message passes through a stranger’s smartphone or an internet relay, it remains completely unreadable to intermediaries. Only the final recipient possesses the unique key capable of unlocking the secret.

    This security is reinforced by the fact that no real identity is linked to these mathematical keys. Bitchat does not require a phone number, email address or account to be used. The application aims to guarantee user anonymity.

    In contexts such as Iran or Uganda, anonymity is crucial to avoid being identified by authorities. Bitchat’s creators are fully aware of this situation, and the app includes a “panic mode”: pressing the app’s logo three times erases all conversations without leaving a trace. A simple gesture in the event of a police check.

    While Bitchat has proven effective in repressive environments, this type of messaging can also be useful in other situations where resilience is essential: in areas without network coverage, at festivals, or in the aftermath of natural disasters. When internet access is unavailable, it can serve as a powerful relay for information and enable continued coordination in difficult circumstances.

    Bluetooth: a double-edged sword

    To date, Bluetooth is not a foolproof solution. Although messages are encrypted, the signal emission itself remains a physical trace. In a repressive context, this is problematic: if police use frequency scanners, they may detect the presence of Bitchat users in a crowd, even without reading their messages.

    In some countries, such as Denmark, intelligence services warn about Bluetooth vulnerabilities and its potential use for tracking citizens. The protocol can sometimes allow attacks without user interaction due to unpatched flaws. With the right techniques and tools, an attacker in proximity to a target can intercept communications, sensitive data, or even execute malicious code remotely—without prior authentication or pairing, and even when the device is not in discoverable mode.

    No solution is invulnerable. In the Iranian context, Bitchat remains a relevant compromise between digital anonymity (no account required) and physical visibility (due to radio waves).

    By Juliette Barrat

    02.18.26
    Continue reading
    1
    09.11.23 Digital transformation
    European health insurers move towards digital coordination
    Read
    01
    MIN
    2
    04.09.20
    For a collective and collaborative cybersecurity!
    Read
    03
    MIN
    3
    02.06.25 Fraud
    The FBI and Dutch police dismantle the phishing group The Manipulaters
    Read
    02
    MIN
    4
    07.02.15
    Summary and comments on the breakfast organized by the FIC observatory: “Cyber Prefect, to serve citizens, businesses and the state”
    Read
    06
    MIN
    Image Palantir : angel or demon?
    Cyber +
    03.10.26 Cyber +
    Next article
    Palantir : angel or demon?
    Read
    10
    MIN
    Image They want to put humans back into AI to save it from itself. Who are they?
    Cyber +
    03.05.26 Cyber +
    Next article
    They want to put humans back into AI to save it from itself. Who are they?
    Read
    06
    MIN
    Image The United States Exclude Anthropic from Federal Agencies
    Cyber +
    03.03.26 Cyber +
    Next article
    The United States Exclude Anthropic from Federal Agencies
    Read
    02
    MIN
    Image Cyber Defense on the Front Line: The French Army Facing New Threats
    Cyber +
    02.26.26 Cyber +
    Next article
    Cyber Defense on the Front Line: The French Army Facing New Threats
    Read
    06
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.